Once logged in, you can find the inbound/outbound settings by clicking on Email protection > setup. This is where your you can find the settings for inbound and outbound delivery servers, and where point your MX records to allow the spam filtering process.

The main filtering policy is defined under Email Protection > Policies > Inbound Policies, here are the defaults that we start with:

The biggest change from other services is the “graymail” setting. It’s a pretty aggressive filter that catches most mailing lists and newsletters that users have signed up for. With the “Do nothing” setting, you’ll likely have users complaining about spam when they are really receiving newsletters from legitimate sources. It’s pretty well a catch 22, so you can change how you want that setting configured according to your needs.

We enable the block of the backscatter (at the bottom). It helps with those undeliverable messages coming back to spammers that make people think their accounts were compromised. Additionally, we set the “almost certainly spam” to Quarantine so nothing will outright get denied based on spam scoring.

Another worthwhile difference deals with file attachment setting:

These are the defaults, we usually don’t touch them unless there’s some specific need. If your environment requires users to receive email with scripts or executables, the recommended solution is to set the action to “quarantine the message”. This setting will notify the user (via the spam report) that they have a quarantined message, but will require an admin to release the message. This allows an admin to verify that the attachment is safe before releasing the mail to the user.

To release the message and attachment:

1. Log on to the Console as the administrator

2. Select Email Protection

3. Select Quarantine tab

4. Perform a Search

5. Release the message in question

Another thing that should be considered is MXLogic has a maximum of 10 aliases per user. We can create a distribution group and add email addresses that don’t require spam reports or console access. If there are users that require more than 10 aliases and need those services, we will need to break them up as separate users. If migrating from a previous spam service, any account with more than 10 aliases will have the aliases truncated, therefore requiring the additional aliases to be manually re-entered into the system. Note: Adding accounts and aliases requires propagation and can take up to 15 minutes to take effect.

The spam reports will come in daily at 9pm. There will be a link in the summary with an outlook plugin that will delete spam and report it to McAfee. It’s not required, but some people like the ability to easily report spam. We gave users the privilege of adjusting filtering options, since one global doesn’t seem to fit everyone.

When migrating to MXLogic from another service, we will leave the previous account active for 7 days after the migration as a “grace period” in case we need to reference aliases, allow for propagation, etc.

Welcome to McAfee Spam Services. Here are a couple of functionality and user notes about the new service:

By default, spam reports will be sent once per day. You can control what to do with the quarantined messages directly from the report. Reports will not be sent if there weren’t messages marked as spam in that 24 hour period.To customize your spam service features, you can access the console by going to https://console.mxlogic.com. Use the Forgot Password feature to gain access and set your permanent password. Once logged into the console, please note the individual tabs across the top. Most of them are self-explanatory but we would like to go over a couple specific functions of the service.

If you would like to edit the policy defaults for the Email Protection Settings, uncheck the “Use policy defaults” checkbox to make the changes. Here’s an explanation of the three settings:

Medium Spam Action – This is email that the system believes is spam but could be valid mail. The default is generally set to “Quarantine the message”. We recommend leaving this setting to the default but it can also be set to “Do nothing”. Please note, setting this to “Do nothing” will increase the amount of spam that is allowed to enter your inbox and will require you to manually mark the mail as spam or block the sender.

High Spam Action – This is email that the system recognizes as spam. The default is generally set to “Quarantine the message”. You might consider changing this to “Deny Delivery”.

Graymail Spam Action – Graymail is generally newsletters, mail lists, etc. that have been legitimately signed up for in one way or another. The two recommended settings are “Do nothing” or “Quarantine the message”. “Do nothing” will allow all these messages to come through to your inbox. You will need to unsubscribe from the mailings, manually mark the items as spam or block the sender.

The console also has an integrated disaster recovery function that will hold all mail sent to your organization if the connection to the mail server is lost. The tab called “Email Continuity” will allow you access to this spooled mail until the connection is restored. Please note: if the connection to the mail server is working properly, this tab will not contain any email.